+++ This bug was initially created as a clone of Bug #1969928 +++

+++ This bug was initially created as a clone of Bug #1965330 +++

Description of problem:

RHEL images now contain two files with security capabilities that are being set, as described here:
https://projects.engineering.redhat.com/browse/RHELBLD-4379

This results in failures during oc image extract because the extraction process can't set the capability on the extracted file (because the user doesn't have permission to do so):

$ oc image extract registry-proxy.engineering.redhat.com/rh-osbs/iib:76743
error: unable to extract layer sha256:53732dad4680ae165f569331357b89605c03583057db7193a7a4fabdf312f061 from registry-proxy.engineering.redhat.com/rh-osbs/iib:76743: operation not permitted

RHEL has since reversed this change because of the impact on OCP, but will want to re-assert the change once OCP is patched to tolerate these files/capabilities.

The fix to oc will need to be backported all the way to at least 4.6 to ensure customers have a working binary to consume.

Version-Release number of selected component (if applicable):
4.8 but expectation is that all versions are affected.

How reproducible:
always (when using an image w/ these files/capabilities set)

Actual results:
permission failure extracting the image

Expected results:
files are extracted successfully

Additional info:
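
An added example, not part of the original report or of oc's own code: image layers are tar archives, and a file's capabilities travel in the entry's SCHILY.xattr.security.capability PAX record, so scanning a layer for that record shows which files an unprivileged extraction cannot fully restore. The function names, sample paths and xattr bytes are constructed for illustration, and the layer is assumed to be already decompressed.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
)

// capKey is the PAX record that carries the security.capability xattr of a tar entry.
const capKey = "SCHILY.xattr.security.capability"

// FilesWithCapabilities lists the entries of an uncompressed layer tar that carry file capabilities.
func FilesWithCapabilities(r io.Reader) ([]string, error) {
	var names []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return names, nil
		}
		if err != nil {
			return nil, err
		}
		if _, ok := hdr.PAXRecords[capKey]; ok {
			names = append(names, hdr.Name)
		}
	}
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// sampleLayer builds a constructed layer: one plain file and one with a capability xattr.
func sampleLayer() *bytes.Buffer {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	must(tw.WriteHeader(&tar.Header{Name: "usr/bin/plain", Mode: 0o755, Typeflag: tar.TypeReg}))
	must(tw.WriteHeader(&tar.Header{Name: "usr/bin/withcap", Mode: 0o755, Typeflag: tar.TypeReg,
		PAXRecords: map[string]string{capKey: "\x01\x00\x00\x02\x00\x04\x00\x00"}})) // constructed value
	must(tw.Close())
	return &buf
}

func main() {
	fmt.Println(FilesWithCapabilities(sampleLayer()))
}
```

Running this against each layer of an image before extraction identifies the files whose capability xattr an unprivileged user would be refused permission to set.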
*** Bug 1970203 has been marked as a duplicate of this bug. ***
[root@localhost ~]# oc image extract registry-proxy.engineering.redhat.com/rh-osbs/iib:76743 --confirm
[root@localhost ~]# echo $?
0
[root@localhost ~]# oc version --client
Client Version: 4.6.0-0.nightly-2021-07-09-014429

Can't reproduce the issue now.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.39 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:2684